It seems indeed a NordVPN limitation: Reddit: Unbound DNS over VPN issues
So I am now trying to find a way to route Unbound traffic out of the tunnel, trying namespaces, virtual interfaces and so on, but so far I’ve been unable to accomplish nothing.